我有这段代码,据我所知是易受攻击的,但是我很难从中编写出安全的预备语句。任何对如何获取存储在变量$userrecord中的成员记录数组以及存储在$rowsnumber中的行数的想法的人都会帮助我。我以前没有使用过MySQLi准备好的语句
/*This query returns member records in an array format*/
$querymember = "SELECT * FROM members WHERE phone='$providedphone' ";
$member = mysqli_query($conn,$querymember);
// Number of rows
$rowsnumber = $member->num_rows;
// User record (Entity)
$userrecords = $member->fetch_array(MYSQLI_NUM);
我尝试过的
$stmt = $mysqli->prepare("SELECT * FROM members WHERE phone = ?");
$stmt->bind_param("s", $providedphone);
$stmt->execute();
// To get number of rows
$rowsnumber = $stmt->num_rows;
// To get user records
$userrecords = $stmt->get_result();
答案 0 :(得分:1)
if '192.168.1.100'.testDottedQuad():
doSomething()
dq = '216.126.621.5'
if not dq.testDottedQuad():
throwWarning();
dqt = ''.join(['127','.','0','.','0','.','1']).testDottedQuad()
if dqt:
print 'well, that was fun'
将$userrecords = $stmt->get_result();对象转换为mysqli::statement对象,因此现在您要做的就是像以前一样处理结果集
mysqli::result或者,您可以这样使用$stmt = $mysqli->prepare("SELECT * FROM members WHERE phone = ?");
$stmt->bind_param("s", $providedphone);
$stmt->execute();
//To get number of rows
$rowsnumber = $stmt->num_rows;
//To get user records
$result = $stmt->get_result();
$userrecords = $result->fetch_array(MYSQLI_NUM);
对象,方法是将PHP变量绑定到列名,然后执行mysqli::statement
mysqli::statement->fetch()